Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: bbcbc4eddfb8
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: b17ed5dbb029
Choose a head ref
  • 5 commits
  • 6 files changed
  • 2 contributors

Commits on Nov 19, 2020

  1. nixos: openstack: have its own metadata fetcher expression

    These two APIs have diverged over time and are no longer compatible.
    
    (cherry picked from commit 21339b4)
    grahamc committed Nov 19, 2020
    Copy the full SHA
    04c06b5 View commit details
    Browse the repository at this point in the history
  2. nixos: ec2 ami: support IMDSv2

    AWS's metadata service has two versions. Version 1 allowed plain HTTP
    requests to get metadata. However, this was frequently abused when a
    user could trick an AWS-hosted server in to proxying requests to the
    metadata service. Since the metadata service is frequently used to
    generate AWS access keys, this is pretty gnarly. Version two is
    identical except it requires the caller to request a token and provide
    it on each request.
    
    Today, starting a NixOS AMI in EC2 where the metadata service is
    configured to only allow v2 requests fails: the user's SSH key is not
    placed, and configuration provided by the user-data is not applied.
    The server is useless. This patch addresses that.
    
    Note the dependency on curl is not a joyful one, and it expand the
    initrd by 30M. However, see the added comment for more information
    about why this is needed. Note the idea of using `echo` and `nc` are
    laughable. Don't do that.
    
    (cherry picked from commit 83ea88e)
    grahamc committed Nov 19, 2020
    Copy the full SHA
    58b10d7 View commit details
    Browse the repository at this point in the history
  3. nixos ami: preflight the imds token

    According to Freenode's ##AWS, the metadata server can sometimes
    take a few moments to get its shoes on, and the very first boot
    of a machine can see failed requests for a few moments.
    
    (cherry picked from commit f2cfecd)
    grahamc committed Nov 19, 2020
    Copy the full SHA
    0e9503a View commit details
    Browse the repository at this point in the history
  4. nixos: release: add amazonImage as a channel blocker

    (cherry picked from commit 0d87ce6)
    grahamc committed Nov 19, 2020
    Copy the full SHA
    2595890 View commit details
    Browse the repository at this point in the history
  5. Merge pull request #104302 from grahamc/ec2-metadata-imdsv2-backport

    [20.09] NixOS EC2 AMI: Support IMDSv2
    worldofpeace committed Nov 19, 2020
    Copy the full SHA
    b17ed5d View commit details
    Browse the repository at this point in the history